Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/304aaa-4ce5-4065-b073-26c3365153af/1/fITSIMwL7vIDPVJL8gK5rT5jDZk.roa
File:                     fITSIMwL7vIDPVJL8gK5rT5jDZk.roa (raw, json)
Hash identifier:          exbIzFWjyXpnz0AfLYCYwacGoH3ixRRd+fQI+ATm57M=
Subject key identifier:   7C:84:D2:20:CC:0B:EE:F2:03:3D:52:4B:F2:02:B9:AD:3E:63:0D:99
Certificate issuer:       /CN=4074a1c0383ad5eb0f0588e4c3394ba34010a621
Certificate serial:       0185711E7C3CE8E3E09DAA74A21B051177A3
Authority key identifier: 40:74:A1:C0:38:3A:D5:EB:0F:05:88:E4:C3:39:4B:A3:40:10:A6:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QHShwDg61esPBYjkwzlLo0AQpiE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/304aaa-4ce5-4065-b073-26c3365153af/1/fITSIMwL7vIDPVJL8gK5rT5jDZk.roa
Signing time:             Mon 02 Jan 2023 06:15:01 +0000
ROA not before:           Mon 02 Jan 2023 06:15:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57513
IP address blocks:        91.197.47.0/24 maxlen: 24
                          91.197.46.0/24 maxlen: 24
                          91.197.46.0/23 maxlen: 23
                          185.81.141.0/24 maxlen: 24
                          185.81.142.0/24 maxlen: 24
                          185.81.140.0/24 maxlen: 24
                          185.81.143.0/24 maxlen: 24
                          91.232.100.0/24 maxlen: 24
                          91.232.101.0/24 maxlen: 24
                          2a05:8800::/29 maxlen: 29
                          2a05:8803::/32 maxlen: 32
                          2a05:8800::/32 maxlen: 32
                          2a05:8800:1::/48 maxlen: 48
                          2a05:8801::/32 maxlen: 32
                          2a05:8804::/32 maxlen: 32
                          2a05:8802::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:30:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:1e:7c:3c:e8:e3:e0:9d:aa:74:a2:1b:05:11:77:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4074a1c0383ad5eb0f0588e4c3394ba34010a621
        Validity
            Not Before: Jan  2 06:15:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7c84d220cc0beef2033d524bf202b9ad3e630d99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:df:4f:60:32:59:8e:2e:92:83:71:6e:45:fd:
                    ab:92:59:e9:76:7b:cd:bb:c6:c8:ed:2e:b0:43:95:
                    bd:b3:79:40:42:f0:fc:36:1d:c7:02:d9:cd:67:74:
                    b1:c6:a9:0d:8a:7f:43:8b:ef:df:06:da:67:3e:23:
                    f2:1c:4f:e9:7a:e6:ff:77:3c:ab:96:cd:58:5c:76:
                    e5:c4:7b:ee:c7:d7:a2:13:99:e9:a6:46:36:92:5d:
                    b9:7b:b1:2e:d4:39:22:19:0f:1f:86:9b:9a:11:f4:
                    26:0f:5b:6f:08:b6:dd:ef:2b:86:05:97:63:ea:b5:
                    da:15:1c:e2:03:a1:d5:a4:ff:a4:a7:cc:83:6b:cf:
                    18:07:93:df:ed:42:c1:b9:ab:64:83:12:7e:79:a6:
                    ae:d4:66:aa:6d:ff:bd:31:57:3c:47:8d:43:b4:9d:
                    14:8f:f1:31:66:71:42:35:5d:f0:e2:40:95:f4:87:
                    fc:92:e8:58:19:c9:78:a4:f1:9c:c9:16:45:4f:b8:
                    fa:1e:64:c7:65:49:6c:ca:c2:01:14:8f:dd:35:db:
                    9c:d9:76:d8:9e:66:49:97:f7:35:93:75:91:a3:19:
                    17:56:bf:93:c8:3c:32:07:bf:18:63:de:f4:81:bc:
                    05:af:55:4c:f1:78:20:34:cc:f7:7a:e7:64:c8:85:
                    6a:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:84:D2:20:CC:0B:EE:F2:03:3D:52:4B:F2:02:B9:AD:3E:63:0D:99
            X509v3 Authority Key Identifier:
                keyid:40:74:A1:C0:38:3A:D5:EB:0F:05:88:E4:C3:39:4B:A3:40:10:A6:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QHShwDg61esPBYjkwzlLo0AQpiE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/304aaa-4ce5-4065-b073-26c3365153af/1/fITSIMwL7vIDPVJL8gK5rT5jDZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/304aaa-4ce5-4065-b073-26c3365153af/1/QHShwDg61esPBYjkwzlLo0AQpiE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.46.0/23
                  91.232.100.0/23
                  185.81.140.0/22
                IPv6:
                  2a05:8800::/29

    Signature Algorithm: sha256WithRSAEncryption
         be:ff:c0:8a:45:69:48:ce:a5:0f:2e:32:ec:b2:d4:7a:bc:66:
         2c:95:7a:ae:e8:2c:0b:a8:92:a8:31:80:8b:6e:c2:0d:ae:11:
         59:dd:36:83:47:9c:45:bb:b5:dd:18:21:29:2e:80:83:75:16:
         b4:f7:06:18:27:eb:47:51:6d:16:d9:21:13:83:0a:3c:dd:51:
         bd:e9:37:16:37:09:94:6e:f6:9d:dc:0a:03:31:81:dd:c6:81:
         1e:88:73:d4:26:11:d8:e8:d3:84:47:4b:bb:e8:ed:82:17:ed:
         c5:81:94:b0:93:ec:60:82:e5:61:65:7f:49:50:70:76:63:79:
         8e:cb:85:dc:12:43:46:c3:e5:e9:de:7d:aa:22:62:63:76:61:
         07:4b:49:87:0c:60:39:8f:67:c9:9f:90:1a:3e:b1:94:d1:97:
         e7:35:de:83:6d:86:ce:a7:1f:8f:e6:8e:48:63:44:32:a6:f4:
         ea:2b:e3:6c:38:47:b5:b3:ef:64:96:7c:39:52:b7:d3:ad:f1:
         b7:8d:7c:60:75:38:99:62:0c:74:99:f4:db:bd:16:5a:37:f0:
         42:4f:d6:84:89:42:34:ee:2f:2b:43:1b:3a:d7:5d:a7:2c:ea:
         6c:89:7f:84:41:98:7b:60:d0:1c:ba:4b:08:5d:2f:31:ba:50:
         16:d0:ce:6a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVxHnw86OPgnap0ohsFEXejMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwNzRhMWMwMzgzYWQ1ZWIwZjA1ODhlNGMzMzk0YmEzNDAx
MGE2MjEwHhcNMjMwMTAyMDYxNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzg0ZDIyMGNjMGJlZWYyMDMzZDUyNGJmMjAyYjlhZDNlNjMwZDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkd9PYDJZji6Sg3FuRf2rklnpdnvN
u8bI7S6wQ5W9s3lAQvD8Nh3HAtnNZ3SxxqkNin9Di+/fBtpnPiPyHE/peub/dzyr
ls1YXHblxHvux9eiE5nppkY2kl25e7Eu1DkiGQ8fhpuaEfQmD1tvCLbd7yuGBZdj
6rXaFRziA6HVpP+kp8yDa88YB5Pf7ULBuatkgxJ+eaau1Gaqbf+9MVc8R41DtJ0U
j/ExZnFCNV3w4kCV9If8kuhYGcl4pPGcyRZFT7j6HmTHZUlsysIBFI/dNduc2XbY
nmZJl/c1k3WRoxkXVr+TyDwyB78YY970gbwFr1VM8XggNMz3eudkyIVqHwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFHyE0iDMC+7yAz1SS/ICua0+Yw2ZMB8GA1UdIwQY
MBaAFEB0ocA4OtXrDwWI5MM5S6NAEKYhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUhTaHdEZzYxZXNQQllqa3d6bExvMEFRcGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi8zMDRhYWEtNGNlNS00MDY1LWIwNzMt
MjZjMzM2NTE1M2FmLzEvZklUU0lNd0w3dklEUFZKTDhnSzVyVDVqRFprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi8zMDRhYWEtNGNlNS00MDY1LWIwNzMtMjZjMzM2NTE1M2Fm
LzEvUUhTaHdEZzYxZXNQQllqa3d6bExvMEFRcGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQBW8UuAwQB
W+hkAwQCuVGMMA0EAgACMAcDBQMqBYgAMA0GCSqGSIb3DQEBCwUAA4IBAQC+/8CK
RWlIzqUPLjLsstR6vGYslXqu6CwLqJKoMYCLbsINrhFZ3TaDR5xFu7XdGCEpLoCD
dRa09wYYJ+tHUW0W2SETgwo83VG96TcWNwmUbvad3AoDMYHdxoEeiHPUJhHY6NOE
R0u76O2CF+3FgZSwk+xgguVhZX9JUHB2Y3mOy4XcEkNGw+Xp3n2qImJjdmEHS0mH
DGA5j2fJn5AaPrGU0ZfnNd6DbYbOpx+P5o5IY0QypvTqK+NsOEe1s+9klnw5UrfT
rfG3jXxgdTiZYgx0mfTbvRZaN/BCT9aEiUI07i8rQxs6112nLOpsiX+EQZh7YNAc
uksIXS8xulAW0M5q
-----END CERTIFICATE-----